
Azure Active Directory Premium P2

As we discussed in the last entry, Microsoft has recently enhanced the EMS offering by adding more services into the bundle and adding an additional tier. This post will focus on the Azure Active Directory Premium P2 (AADP P2) portion of the suite.

Get reports about administrator access history & changes to administrator assignments

Get alerts about access to a privileged role

Why would you use it?

With the transition of businesses to cloud- and mobile-based applications, traditional defenses will not be sufficient to thwart determined attackers. Firewalls and Intrusion Detection Systems are not of much use when there is no traditional edge to your network. Today’s user works in an environment that allows her:

To access data on any device and from any network

To decide how to share data and with whom to share it

To do her job with scores of cloud-based applications (each with its own authentication and authorization system)

IT doesn’t have much visibility into, or control over, how the user does her job

When you add in how the typical IT administrator does her job, it gets even scarier:

Users are assigned privileged access based on a job title – instead of what they need to do

Audits of who has what access become increasingly difficult with the rise of SaaS-based systems

Users keep access to sensitive systems – even after job changes

How do these services help protect your organization?

Microsoft has access to so many different data sources (authentications, web indexes/crawls, emails, etc.) that it has given the combined data set a name – the Intelligent Security Graph.

Identity Protection uses this graph to:

Gain insights – Microsoft sees and gathers so much data from across the internet that it can spot trends before anyone else

Make remediation recommendations – by learning what’s ‘normal’ for your users, they can help you fix what’s wrong before something happens

Identity Protection isn’t just another place for you to perform monitoring – the service can give notifications, data extractions, and access reporting APIs to feed into your existing Security Information and Event Management (SIEM) systems, monitoring tools, even Microsoft’s Power BI.

Privileged Identity Management adds additional protections for your most important users – those with access to your most important and sensitive systems / data. One of the ways that this service accomplishes this is through “just-in-time” or “time-limited” activation of privileged roles.

As seen in the graphic, Privileged Identity Management builds in an automated workflow whereby a user requests elevated access to perform a specific task, the privilege is granted after MFA-enabled authentication, and then the privilege “times out” after a pre-determined amount of time. This is the method by which Microsoft grants itself access to its customers’ Office 365 subscriptions – only gaining access after being authenticated and then having the access expire after a set period.
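The activation workflow just described, and the audit problem raised earlier (knowing who holds what and making sure access does not linger after the task is done), can be made concrete with a small model. The code below is an added illustration written for this post; it is not Microsoft’s PIM implementation and does not call the Azure AD APIs. The class names, the role names and the sample users are constructed for the example. It models eligible assignments (roles a user may request but does not hold), activation that is refused without MFA and clamped to a maximum duration, automatic expiry, and a report of who currently holds which role.

```python
"""Model of just-in-time, time-limited privileged role activation.

Added illustration only: not PIM code, no Azure calls. All names and
sample data below are constructed for the example.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class Activation:
    """One granted, time-bounded activation of a privileged role."""
    user: str
    role: str
    reason: str
    granted_at: datetime
    expires_at: datetime

    def is_active(self, now: datetime) -> bool:
        # Active only inside the window; after expires_at the privilege is gone.
        return self.granted_at <= now < self.expires_at


@dataclass
class JitRoleStore:
    # eligible[user] is the set of roles the user may *request*, not hold.
    eligible: Dict[str, Set[str]] = field(default_factory=dict)
    max_duration: timedelta = timedelta(hours=1)
    activations: List[Activation] = field(default_factory=list)
    audit_log: List[dict] = field(default_factory=list)

    def _log(self, now: datetime, event: str, user: str, role: str, detail: str = "") -> None:
        # Every request, granted or denied, is recorded for later review.
        self.audit_log.append({"time": now.isoformat(), "event": event,
                               "user": user, "role": role, "detail": detail})

    def request_activation(self, user: str, role: str, reason: str,
                           mfa_passed: bool, now: datetime,
                           duration: Optional[timedelta] = None) -> Optional[Activation]:
        """Workflow: eligibility check -> MFA -> time-bounded grant."""
        if role not in self.eligible.get(user, set()):
            self._log(now, "denied", user, role, "not eligible for role")
            return None
        if not mfa_passed:
            self._log(now, "denied", user, role, "MFA not satisfied")
            return None
        if not reason.strip():
            self._log(now, "denied", user, role, "justification required")
            return None
        # Never let a request exceed the configured maximum activation window.
        duration = min(duration or self.max_duration, self.max_duration)
        act = Activation(user, role, reason, now, now + duration)
        self.activations.append(act)
        self._log(now, "activated", user, role, f"expires {act.expires_at.isoformat()}")
        return act

    def has_role(self, user: str, role: str, now: datetime) -> bool:
        """True only while an unexpired activation exists; no standing access."""
        return any(a.user == user and a.role == role and a.is_active(now)
                   for a in self.activations)

    def active_assignments(self, now: datetime) -> List[Tuple[str, str, str]]:
        """Audit view: who currently holds which role, and until when."""
        return sorted((a.user, a.role, a.expires_at.isoformat())
                      for a in self.activations if a.is_active(now))


def demo() -> List[Tuple[str, str, str]]:
    """Constructed scenario: two eligible users, one activation, then expiry."""
    t0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
    store = JitRoleStore(
        eligible={"alice": {"Global Administrator"}, "bob": {"Exchange Administrator"}},
        max_duration=timedelta(hours=1),
    )
    store.request_activation("alice", "Global Administrator", "Ticket 123: tenant change",
                             mfa_passed=True, now=t0, duration=timedelta(hours=8))
    # Requested 8 hours, clamped to the 1-hour maximum; report at 09:30 shows it.
    return store.active_assignments(t0 + timedelta(minutes=30))


if __name__ == "__main__":
    for user, role, expires in demo():
        print(f"{user} holds {role} until {expires}")
```

The two checks worth carrying into a real deployment are visible in `has_role` and `active_assignments`: privilege is derived only from an unexpired activation, so a user who changes jobs simply stops being eligible and nothing has to be revoked, and the report of current holders is computed from the same data rather than from a separate, possibly stale, list.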

This example of how Microsoft runs its own systems (Outlook.com, Xbox, Office 365, Azure, etc.) shows how these services came to be – Microsoft needed them to safely operate its own businesses and can now offer those same capabilities to all its customers – even for non-Microsoft services and software.

I hope this post has got you interested in this portion of the EMS E5 suite. Future posts will cover Azure Information Protection, Cloud App Security, and then will wrap up with how all of these services work together to protect your business!
